A daily subscription to the full report can be obtained as follows:
Send an email to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an email to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Tuesday, April 12, 2016

• TransCanada Corporation announced April 10 that it resumed
operations on its Keystone crude pipeline at reduced pressure after receiving
authorization from the U.S. Pipeline and Hazardous Materials Safety
Administration April 9 following an April 2 shutdown when a leak was
discovered in Hutchinson County, South Dakota. – Reuters

1. April 11,
Reuters – (National) TransCanada restarts Keystone pipeline at reduced
pressure. TransCanada Corporation announced April 10 that it resumed
operations on its Keystone crude pipeline at reduced pressure after receiving
authorization from the U.S. Pipeline and Hazardous Materials Safety
Administration April 9 following the pipeline’s shutdown April 2 when a leak
was discovered near the company’s Freeman pump station in Hutchinson County,
South Dakota. The company stated that it will conduct aerial patrols and visual
inspections.

• The North East Independent School District in Texas announced
April 8 that 3 separate ransomware incidents, beginning in February, encrypted
about 2.5 terabytes of data, impacting all 20 campuses and 2 departments. – KENS
5 San Antonio

18. April 8,
KENS 5 San Antonio – (Texas) Ransomware attacks 20 North East ISD schools. The
North East Independent School District in Texas announced April 8 that 3
separate ransomware incidents, beginning in February, encrypted about 2.5
terabytes of data, impacting all 20 campuses and 2 departments. Authorities
asserted that students’ personal information was not compromised and that
encrypted files were deleted and replaced with backup data. Source: http://www.kens5.com/news/local/ransomware-attacks-20-northeast-isd-schools/125053680

• Forty-two people were injured April 8 following a 5-alarm fire
at a Keyport, New Jersey building that caused extensive damage to the facility
and 3 surrounding buildings. – Asbury Park Press

20. April 11,
Softpedia – (International) Petya ransomware unlocked, you can now
recover password needed for decryption. Two security researchers discovered
ways to help victims of the Petya ransomware retrieve locked files and unlock
computers after one researcher created two Web sites where victims can obtain
the decryption password, and another researcher from Emsisoft created a tool
that can help generate passwords needed to unlock victims’ computers.

21. April 11,
SecurityWeek – (International) Nuclear exploit kit uses Tor to download
payload. Researchers from Cisco discovered that the Nuclear exploit kit
(EK) was dropping a Tor client file, named “tor.exe”, for Microsoft Windows to
execute a request via the Tor anonymity network to download a secondary
payload, as several domains listed in the network traffic of the Nuclear EK
were never registered and were not associated with any Domain Name System
(DNS) traffic. Researchers noted that because attackers used Tor to download
the second payload, the malware was more difficult to track back to its
hosting system.

22. April 9,
Softpedia – (International) CryptoHost ransomware locks your data in a
password-protected RAR file. Security researchers from MalwareForMe,
MalwareHunterTeam, Bleeping Computer, and an independent researcher discovered
a way to recover RAR files locked by the CryptoHost ransomware after an
analysis of the ransomware revealed it was using a combination of the user’s ID
number, motherboard serial number, and the C:\ volume serial number to generate
a Secure Hash Algorithm 1 (SHA-1) hash, which was used to generate the RAR
file’s name and the file’s password. Researchers stated victims will need to open the
Windows Task Manager, find the cryptohost.exe process, stop its execution, and
unzip the RAR file. Source: http://news.softpedia.com/news/cryptohost-ransomware-locks-your-data-in-a-password-protected-rar-file-502767.shtml

23. April 8,
SecurityWeek – (International) Cisco releases critical security updates. Cisco
released six security advisories including a high impact vulnerability in the
Web application programming interface (API) of the Cisco Prime Infrastructure
and Evolved Programmable Network Manager (EPNM) that could allow an attacker to
send a crafted Uniform Resource Locator (URL) request to bypass role-based
access control (RBAC) and gain elevated privileges, as well as a vulnerability
in the TelePresence Server that could allow an attacker to cause a kernel
panic and reboot the device, among other vulnerabilities. Source: http://www.securityweek.com/cisco-releases-critical-security-updates

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", pen name R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"